SMTP - Moderately Critical - Information Disclosure

* Advisory ID: DRUPAL-SA-CONTRIB-2017-055
* Project: SMTP Authentication Support (third-party module)
* Version: 7.x, 8.x
* Date: 2017-June-28
* Security risk: 10/25 ( Moderately Critical)
* Vulnerability: Information Disclosure

DESCRIPTION

This SMTP module enables you to send mail using a third party (non-system)
mail service instead of the local system mailer included with Drupal. When
this module is in debugging mode, it will log privileged information.

VERSIONS AFFECTED

* smtp 8.x-1.x versions prior to 8.x-1.0-beta3.
* smtp 7.x-1.x versions prior to 7.x-1.7.

Drupal core is not affected. If you do not use the contributed SMTP
Authentication Support module, there is nothing you need to do.

SOLUTION

Install the latest version:

* If you use the smtp module for Drupal 8.x, upgrade to smtp 8.x-1.0-beta3
* If you use the smtp module for Drupal 7.x, upgrade to smtp 7.x-1.7

Add new comment